CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-28951 | WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability — Bulk Featured Image | 9.1 | Critical | 2025-07-04 |
| CVE-2025-6586 | Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload — Download Plugin | 7.2 | High | 2025-07-04 |
| CVE-2025-5322 | VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload — VikRentCar Car Rental Management System | 7.2 | High | 2025-07-03 |
| CVE-2025-23968 | WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability — AiBud WP | 9.1 | Critical | 2025-07-03 |
| CVE-2025-5961 | Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload — WPvivid — Backup, Migration & Staging | 7.2 | High | 2025-07-03 |
| CVE-2025-5746 | Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload — Drag and Drop Multiple File Upload (Pro) - WooCommerce | 9.8 | Critical | 2025-07-02 |
| CVE-2025-6900 | code-projects Library System add-book.php unrestricted upload — Library System | 6.3 | Medium | 2025-06-30 |
| CVE-2025-6873 | SourceCodester Simple Company Website Users.php unrestricted upload — Simple Company Website | 4.7 | Medium | 2025-06-29 |
| CVE-2025-6872 | SourceCodester Simple Company Website SystemSettings.php unrestricted upload — Simple Company Website | 4.7 | Medium | 2025-06-29 |
| CVE-2025-6870 | SourceCodester Simple Company Website Content.php unrestricted upload — Simple Company Website | 4.7 | Medium | 2025-06-29 |
| CVE-2025-6848 | code-projects Simple Forum forum1.php unrestricted upload — Simple Forum | 6.3 | Medium | 2025-06-29 |
| CVE-2025-6843 | code-projects Simple Photo Gallery upload-photo.php unrestricted upload — Simple Photo Gallery | 7.3 | High | 2025-06-29 |
| CVE-2025-6837 | code-projects Library System profile.php unrestricted upload — Library System | 6.3 | Medium | 2025-06-29 |
| CVE-2025-53260 | WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability — File Manager Plugin For Wordpress | 9.1 | Critical | 2025-06-27 |
| CVE-2025-49885 | WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability — Drag and Drop Multiple File Upload (Pro) - WooCommerce | 10.0 | Critical | 2025-06-27 |
| CVE-2025-34046 | Fanwei E-Office Unauthenticated File Upload — E-Office | 9.8 AI | Critical AI | 2025-06-26 |
| CVE-2025-6667 | code-projects Car Rental System add_cars.php unrestricted upload — Car Rental System | 6.3 | Medium | 2025-06-25 |
| CVE-2025-6206 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload — Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | 7.5 | High | 2025-06-24 |
| CVE-2025-36519 | Elecom WRC-2533GST2 and Elecom WRC-1167GST2 code issue vulnerability — WRC-2533GST2 | 8.8 AI | High AI | 2025-06-24 |
| CVE-2025-34040 | Seeyon Zhiyuan OA System Path Traversal File Upload — Zhiyuan OA Web Application System | 9.8 AI | Critical AI | 2025-06-24 |
| CVE-2025-6466 | ageerle ruoyi-ai SseServiceImpl.java upload unrestricted upload — ruoyi-ai | 6.3 | Medium | 2025-06-22 |
| CVE-2025-6422 | Campcodes Online Recruitment Management System About Content Page ajax.php unrestricted upload — Online Recruitment Management System | 6.3 | Medium | 2025-06-21 |
| CVE-2025-4102 | Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload — Beaver Builder Plugin (Starter Version) | 7.2 | High | 2025-06-20 |
| CVE-2025-6266 | Teledyne FLIR AX8 upload.php unrestricted upload — AX8 | 6.3 | Medium | 2025-06-19 |
| CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' — Ultra Addons for Contact Form 7 | 7.2 | High | 2025-06-18 |
| CVE-2025-6086 | CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload — CSV Me | 7.2 | High | 2025-06-18 |
| CVE-2025-4413 | Pixabay Images <= 3.4 - Authenticated (Author+) Arbitrary File Upload — Pixabay Images | 8.8 | High | 2025-06-18 |
| CVE-2025-34511 | Sitecore PowerShell Extension RCE via Unrestricted Upload — Powershell Extension | 8.8 | High | 2025-06-17 |
| CVE-2025-49071 | WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability — Flozen | 10.0 | Critical | 2025-06-17 |
| CVE-2025-32510 | WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability — Ovatheme Events Manager | 10.0 | Critical | 2025-06-17 |

There are 2018 CVEs classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.